"Samsung MagicINFO flaw exploited afer PoC exploit published." 

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 07 May 2025, 0247 UTC.

Content and Source:  "Security Affairs", 07 May 2025.

Email subscription via https://feedly.com.'

https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed

Please check the email link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts ss(https://www.hawaiicybersecurityjournal.net).

Security Affairs

72K followers26 articles per week

#security#tech

21

Today

Samsung MagicINFO flaw exploited days after PoC exploit publication

by Pierluigi Paganini / 8h

Threat actors started exploiting a vulnerability in Samsung MagicINFO only days after a PoC exploit was published. Arctic Wolf researchers observed threat actors beginning to exploit a high-severity vulnerability, tracked as CVE-2024-7399 (CVSS score: 8.8), in the Samsung MagicINFO content management system (CMS) just days after proof-of-concept (PoC) exploit code was publicly released. The vulne

Experts warn of a second wave of attacks targeting SAP NetWeaver bug CVE-2025-31324

11 TTPs

•

by Pierluigi Paganini / 12h

•

CVE-2025-31324

Threat actors launch second wave of attacks on SAP NetWeaver, exploiting webshells from a recent zero-day vulnerability. In April, ReliaQuest researchers warned that a zero-day vulnerability, tracked as CVE-2025-31324 (CVSS score of 10/10), in SAP NetWeaver is potentially being exploited. Thousands of internet-facing applications are potentially at risk. The flaw in SAP NetWeaver Visual Composer

U.S. CISA adds Langflow flaw to its Known Exploited Vulnerabilities catalog

4 TTPs

•

by Pierluigi Paganini / 13h

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Langflow flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Langflow flaw, tracked as CVE-2025-3248 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog . Langflow is a popular tool used for building agentic AI workflows. CVE-2025-3248 i

Google fixed actively exploited Android flaw CVE-2025-27363

by Pierluigi Paganini / 16h

Google addressed 46 Android security vulnerabilities, including one issue that has been exploited in attacks in the wild. Google’s monthly security updates for Android addressed 46 flaws, including a high-severity vulnerability, tracked as CVE-2025-27363 (CVSS score of 8.1), that has been exploited in the wild. The company did not disclose any details regarding the attacks or the threat actors ex

Yesterday

New ‘Bring Your Own Installer (BYOI)’ technique allows to bypass EDR

5 TTPs

•

by Pierluigi Paganini / 17h

•

BYOI bypasses SentinelOne EDR

A new BYOI technique lets attackers bypass SentinelOne EDR, disable protection, and deploy Babuk ransomware by exploiting the agent upgrade process. Aon’s Stroz Friedberg discovered a new “Bring Your Own Installer” (BYOI) EDR bypass technique that exploits a flaw in SentinelOne’s upgrade process to bypass its anti-tamper protections, leaving endpoints unprotected. Stroz Friedberg researchers did

Smishing on a Massive Scale: ‘Panda Shop’ Chinese Carding Syndicate

2 TTPs

•

by Pierluigi Paganini / 20h

Resecurity found a new smishing kit called ‘Panda Shop,’ mimicking Smishing Triad tactics with improved features and new templates. Resecurity (USA) was the first company to identify the Smishing Triad , a group of Chinese cybercriminals targeting consumers across the globe. In August 2023, our team was able to identify their activity and locate the smishing kit they were using, successfully expl

Kelly Benefits December data breach impacted over 400,000 individuals

Kelly Benefits data breach affects 400000

•

by Pierluigi Paganini / 1d

Kelly Benefits has determined that the impact of the recently disclosed data breach is much bigger than initially believed. Benefits and payroll solutions firm Kelly & Associates Insurance Group, aka Kelly Benefits, announced that the impact of a recently disclosed data breach is much bigger than initially estimated. The U.S.-based company provides benefits, payroll, and workforce management solu

A hacker stole data from TeleMessage, the firm that sells modified versions of Signal to the U.S. gov

Collection (Enterprise TA0009)

•

29by Pierluigi Paganini / 1d

A hacker stole data from TeleMessage, exposing messages from its modified Signal, WhatsApp, and other apps sold to the U.S. government. A hacker stole customer data from TeleMessage, an Israeli firm selling modified versions of popular messaging apps, such as Signal and WhatsApp, to the U.S. government. “The data stolen by the hacker contains the contents of some direct messages and group chats s

Experts shared up-to-date C2 domains and other artifacts related to recent MintsLoader attacks

24 TTPs

•

by Pierluigi Paganini / 1d

•

MintsLoader malware used in attacks

MintsLoader is a malware loader delivering the GhostWeaver RAT via a multi-stage chain using obfuscated JavaScript and PowerShell. Recorded Future researchers observed MintsLoader delivering payloads like GhostWeaver via obfuscated scripts, evading detection with sandbox/VM checks, and uses DGA and HTTP C2. MintsLoader is a malware loader that was first spotted in 2024, the loader has been observ

May 4, 2025

Sansec uncovered a supply chain attack via 21 backdoored Magento extensions

4 TTPs

•

by Pierluigi Paganini / 1d

•

Magento supply chain attack exposes

Supply chain attack via 21 backdoored Magento extensions hit 500–1,000 e-stores, including a $40B multinational. Sansec researchers reported that multiple vendors were hacked in a coordinated supply chain attack, the experts discovered that a backdoor was hidden in 21 applications. Curiously, the malicious code was injected 6 years ago, but the supply chain attack was discovered this week after t

US authorities have indicted Black Kingdom ransomware admin

3 TTPs

•

by Pierluigi Paganini / 2d

•

Yemeni national indicted for ransomware

A 36-year-old Yemeni man behind Black Kingdom ransomware is indicted in the U.S. for 1,500 attacks on Microsoft Exchange servers. U.S. authorities have indicted Rami Khaled Ahmed (aka “Black Kingdom,” of Sana’a, Yemen), a 36-year-old Yemeni national, suspected of being the administrator of the Black Kingdom ransomware operation. He is believed to have carried out 1,500 attacks on Microsoft Exchan

Malicious Go Modules designed to wipe Linux systems

IoC > 3 URLs

•

by Pierluigi Paganini / 2d

•

10 TTPs

•

Malicious Go modules erase disks

Researchers found 3 malicious Go modules with hidden code that can download payloads to wipe a Linux system’s main disk, making it unbootable. The malicious modules contain obfuscated code to fetch next-stage payloads that can wipe a Linux system’s primary disk and make it unbootable. “Socket’s Threat Research Team uncovered a stealthy and highly destructive supply-chain attack targeting develope

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 44

by Pierluigi Paganini / 2d

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape io_uring Is Back, This Time as a Rootkit I StealC You: Tracking the Rapid Changes To StealC Interesting WordPress Malware Disguised as Legitimate Anti-Malware Plugin Using Trusted Protocols Against You: Gmail as a C2 Mechanism Semantic-Aware Contrastive Fine-Tuning

Security Affairs newsletter Round 522 by Pierluigi Paganini – INTERNATIONAL EDITION

by Pierluigi Paganini / 2d

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Rhysida Ransomware gang claims the hack of the Government of Peru DragonForce group claims the theft of data after Co-op cyberattack U.S. CISA adds Yii Fr

May 3, 2025

Rhysida Ransomware gang claims the hack of the Government of Peru

by Pierluigi Paganini / 3d

The , the gang breached Gob.pe, the Single Digital Platform of the Peruvian State. The Rhysida ransomware gang claims responsibility for hacking the Government of Peru, breaching Gob.pe, which is the country’s official digital platform. The Government of Peru has been breached by Rhysida Ransomware. pic.twitter.com/6fsczNSrwu — Dominic Alvieri (@AlvieriD) May 2, 2025 The group published the image

DragonForce group claims the theft of data after Co-op cyberattack

3 TTPs

•

by Pierluigi Paganini / 3d

•

Co-op shuts down IT after cyberattack

Hackers claim Co-op cyberattack is worse than admitted, with major customer and employee data stolen, and provide proof to the BBC. The attackers behind the recent Co-op cyberattack, who go online with the name DragonForce, told the BBC that they had stolen data from the British retail and provided proof of the data breach. Hackers shared screenshots with BBC of their first extortion message to C

U.S. CISA adds Yii Framework and Commvault Command Center flaws to its Known Exploited Vulnerabilities catalog

3 TTPs

•

by Pierluigi Paganini / 3d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Yii Framework and Commvault Command Center flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities (KEV) catalog . Below are the descriptions f

May 2, 2025

Ireland’s DPC fined TikTok €530M for sending EU user data to China

TikTok fined 530 million euros

•

by Pierluigi Paganini / 4d

Ireland’s Data Protection Commission (DPC) fined TikTok €530M for violating data rules by sending European user data to China. Ireland’s Data Protection Commission (DPC) fined the popular video-sharing platform TikTok €530 million for violating data laws by transferring data belonging to European users to China. TikTok violated GDPR by transferring EEA user data to China and lacking transparency.

Microsoft sets all new accounts passwordless by default

Microsoft makes accounts passwordless by default

•

by Pierluigi Paganini / 4d

Microsoft announced that all new accounts will be “passwordless by default” to increase their level of security. Microsoft now makes all new accounts “passwordless by default,” enhancing protection against social engineering attacks, phishing, brute-force, and credential stuffing attacks. “As part of this simplified UX, we’re changing the default behavior for new accounts. Brand new Microsoft acc

May 1, 2025

Luxury department store Harrods suffered a cyberattack

Harrods targeted by cyber attack

•

by Pierluigi Paganini / 4d

Harrods confirmed a cyberattack, following similar incidents suffered by M&S and Co-op, making it the third major UK retailer targeted in one week. Luxury department store Harrods confirmed a cyberattack, threat actors attempted to gain unauthorised access to some of its systems. “We recently experienced attempts to gain unauthorised access to some of our systems.” reads a statement published by

U.S. CISA adds SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog

by Pierluigi Paganini / 4d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities (KEV) catalog . Below are the descriptions for

End of feed